Georgia’s aging, paperless voting machines have been called a “sitting duck” for hackers. Six million Georgia voters had reams of personal information exposed by a data breach in Republican Secretary of State Brian Kemp’s office earlier this year.

Yet Kemp is refusing an offer from the Department of Homeland Security to help shore up the cyber-security of the state’s vulnerable voting machines. Instead, he accused the federal government of attempting to “subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” He said the state is capable of handling its own election security, and opined a hack is “not probable at all.”

Less than a year ago, Kemp’s office accidentally mailed out a dozen discs containing the private information of more than six million Georgia voters, including Social Security numbers, birth dates, and driver’s license numbers. At the time, Kemp told state lawmakers that while he is “no expert on data security,” he was confident that no information “made it out to the bad guys.”

A year before that, tens of thousands of new voter registrations went missing from the state’s database — the vast majority of them belonging to low-income people of color.

Once solidly Republican, a massive effort to register voters of color and a major immigration influx have helped put Georgia on the cusp of becoming a swing state. Donald Trump’s polarizing campaign is not helping the GOP’s cause, and polls for both the presidential and Senate races are tight. This makes Georgia an even more attractive target for hackers, who could flip votes in just a few counties to change the outcome statewide.

Georgia is also one of the few states to still use electronic voting machines that have no paper trail, making a post-election audit to check for hacking or vote-flipping nearly impossible. The decade-old software the machines use — Windows 2000 — also makes the system a “sitting duck” for hackers, cyber-security experts told NPR.

The under-funded U.S. election system is vulnerable to sophisticated foreign government operations like the Russian team that allegedly hacked the DNC and amateurs alike. Malware can be planted in voting machines fairly easily and remain undetected. Private companies have demonstrated that many machines can be hacked using a chip anyone can buy online for about $15. The FBI reported Monday that foreign hackers have already gained access to voter databases in Arizona and Illinois, inserting malicious software and stealing information on hundreds of thousands of residents.

Still, Georgia and other states are refusing the federal government’s offer to inspect their voting systems for bugs and other vulnerabilities, characterizing it as a sneaky federal intrusion on state sovereignty under the guise of trumped up hacking concerns. Currently, only 12 states require full federal certification of their voting machines.

Instead, Kemp and other Republican secretaries of state have focused most of their efforts on combating in-person voter fraud, the rate of which is “infinitesimal” according to a recent national, multi-year study. The study, conducted by a team at the Walter Cronkite School of Journalism in Arizona, found just 10 proven cases of voter impersonation since 2000 — out of 146 million votes cast.